Filter
Top Products
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
LAN Configuration 3-5
v1.2, June 2008
Managing Groups and Hosts (LAN Groups)
The Known PCs and Devices table in the LAN Groups menu contains a list of all known PCs
and network devices that are assigned dynamic IP addresses by the VPN firewall, or have been
discovered by other means. Collectively, these entries make up the LAN Groups Database.
The LAN Groups Database is updated by these methods:
• DHCP Client Requests. By default, the DHCP server in this VPN firewall is enabled, and
will accept and respond to DHCP client requests from PCs and other network devices. These
requests also generate an entry in the LAN Groups Database. Because of this, leaving the
DHCP server feature (on the LAN screen) enabled is strongly recommended.
• Scanning the Network. The local network is scanned using ARP requests. The ARP scan will
detect active devices that are not DHCP clients. However, sometimes the name of the PC or
device cannot be accurately determined, and will appear in the database as Unknown.
• Manual Entry. You can manually enter information about a network device.
Some advantages of the LAN Groups Database are:
• Generally, you do not need to enter either IP address or MAC addresses. Instead, you can just
select the desired PC or device.
• No need to reserve an IP address for a PC in the DHCP server. All IP address assignments
made by the DHCP server will be maintained until the PC or device is removed from the
database, either by expiry (inactive for a long time) or by you.
• No need to use a fixed IP on PCs. Because the address allocated by the DHCP server will
never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP
address.
• MAC level control over PCs. The LAN Groups Database uses the MAC address to identify
each PC or device. So changing a PC’s IP address does not affect any restrictions on that PC.
• Group and individual control over PCs.
– You can assign PCs to Groups and apply restrictions to each Group using the Firewall
Rules screen (see “Using Rules to Block or Allow Specific Kinds of Traffic” on page 4-2).
– You can also select the Groups to be covered by the Block Sites feature (see “Blocking
Internet Sites (Content Filtering)” on page 4-20).
– If necessary, you can also create Firewall Rules to apply to a single PC (see “Configuring
Source MAC Filtering” on page 4-24). Because the MAC address is used to identify each
PC, users cannot avoid these restrictions by changing their IP address.